Cryptography and Cryptography and Network Security Network Security Chapter 16 Chapter 16 Fourth Edition Fourth Edition by William Stallings by William Stallings Lecture slides by Lawrie Lecture slides by Lawrie Brown Brown
Cryptography and Cryptography and Network SecurityNetwork Security
Chapter 16Chapter 16
Fourth EditionFourth Edition
by William Stallingsby William Stallings
Lecture slides by Lawrie BrownLecture slides by Lawrie Brown
Chapter 16 – IP SecurityChapter 16 – IP Security
If a secret piece of news is divulged by a spy If a secret piece of news is divulged by a spy before the time is ripe, he must be put to before the time is ripe, he must be put to death, together with the man to whom the death, together with the man to whom the secret was told.secret was told.
——The Art of WarThe Art of War, Sun Tzu, Sun Tzu
IP SecurityIP Security
have a range of application specific have a range of application specific security mechanismssecurity mechanisms eg. S/MIME, PGP, Kerberos, SSL/HTTPSeg. S/MIME, PGP, Kerberos, SSL/HTTPS
however there are security concerns that however there are security concerns that cut across protocol layerscut across protocol layers
would like security implemented by the would like security implemented by the network for all applicationsnetwork for all applications
IPSecIPSec
general IP Security mechanismsgeneral IP Security mechanisms providesprovides
authenticationauthentication confidentialityconfidentiality key managementkey management
applicable to use over LANs, across public applicable to use over LANs, across public & private WANs, & for the Internet& private WANs, & for the Internet
Benefits of IPSecBenefits of IPSec
in a firewall/router provides strong security in a firewall/router provides strong security to all traffic crossing the perimeterto all traffic crossing the perimeter
in a firewall/router is resistant to bypassin a firewall/router is resistant to bypass is below transport layer, hence transparent is below transport layer, hence transparent
to applicationsto applications can be transparent to end userscan be transparent to end users can provide security for individual userscan provide security for individual users secures routing architecturesecures routing architecture
IP Security ArchitectureIP Security Architecture
specification is quite complexspecification is quite complex defined in numerous RFC’sdefined in numerous RFC’s
incl. RFC 2401/2402/2406/2408incl. RFC 2401/2402/2406/2408 many others, grouped by categorymany others, grouped by category
mandatory in IPv6, optional in IPv4mandatory in IPv6, optional in IPv4 have two security header extensions:have two security header extensions:
Authentication Header (AH)Authentication Header (AH) Encapsulating Security Payload (ESP)Encapsulating Security Payload (ESP)
IPSec ServicesIPSec Services
Access controlAccess control Connectionless integrityConnectionless integrity Data origin authenticationData origin authentication Rejection of replayed packetsRejection of replayed packets
a form of partial sequence integritya form of partial sequence integrity Confidentiality (encryption)Confidentiality (encryption) Limited traffic flow confidentialityLimited traffic flow confidentiality
Security AssociationsSecurity Associations
a one-way relationship between sender & a one-way relationship between sender & receiver that affords security for traffic flowreceiver that affords security for traffic flow
defined by 3 parameters:defined by 3 parameters: Security Parameters Index (SPI)Security Parameters Index (SPI) IP Destination AddressIP Destination Address Security Protocol IdentifierSecurity Protocol Identifier
has a number of other parametershas a number of other parameters seq no, AH & EH info, lifetime etcseq no, AH & EH info, lifetime etc
have a database of Security Associationshave a database of Security Associations
Authentication Header (AH)Authentication Header (AH)
provides support for data integrity & provides support for data integrity & authentication of IP packetsauthentication of IP packets end system/router can authenticate user/append system/router can authenticate user/app prevents address spoofing attacks by tracking prevents address spoofing attacks by tracking
sequence numberssequence numbers based on use of a MACbased on use of a MAC
HMAC-MD5-96 or HMAC-SHA-1-96HMAC-MD5-96 or HMAC-SHA-1-96 parties must share a secret keyparties must share a secret key
Encapsulating Security Payload Encapsulating Security Payload (ESP)(ESP)
provides provides message content confidentiality & message content confidentiality & limited traffic flow confidentialitylimited traffic flow confidentiality
can optionally can optionally provide the same authentication provide the same authentication services as AHservices as AH
supports range of ciphers, modes, paddingsupports range of ciphers, modes, padding incl. DES, Triple-DES, RC5, IDEA, CAST etcincl. DES, Triple-DES, RC5, IDEA, CAST etc CBC & other modesCBC & other modes padding needed to fill blocksize, fields, for traffic flowpadding needed to fill blocksize, fields, for traffic flow
Transport vs Tunnel Mode Transport vs Tunnel Mode ESPESP
transport mode is used to encrypt & transport mode is used to encrypt & optionally authenticate IP dataoptionally authenticate IP data data protected but header left in cleardata protected but header left in clear can do traffic analysis but is efficientcan do traffic analysis but is efficient good for ESP host to host trafficgood for ESP host to host traffic
tunnel mode encrypts entire IP packettunnel mode encrypts entire IP packet add new header for next hopadd new header for next hop good for VPNs, gateway to gateway securitygood for VPNs, gateway to gateway security
Combining Security Combining Security AssociationsAssociations
SA’s can implement either AH or ESPSA’s can implement either AH or ESP to implement both need to combine SA’sto implement both need to combine SA’s
form a security form a security association association bundlebundle may terminate at different or same may terminate at different or same
endpointsendpoints combined bycombined by
• transport adjacencytransport adjacency• iterated tunnelingiterated tunneling
issue of authentication & encryption order issue of authentication & encryption order
Key ManagementKey Management
handles key generation & distributionhandles key generation & distribution typically need 2 pairs of keystypically need 2 pairs of keys
2 per direction for AH & ESP2 per direction for AH & ESP manual key managementmanual key management
sysadmin manually configures every systemsysadmin manually configures every system automated key managementautomated key management
automated system for on demand creation of automated system for on demand creation of keys for SA’s in large systemskeys for SA’s in large systems
has Oakley & ISAKMP elementshas Oakley & ISAKMP elements
OakleyOakley
a key exchange protocola key exchange protocol based on Diffie-Hellman key exchangebased on Diffie-Hellman key exchange adds features to address weaknessesadds features to address weaknesses
cookies, groups (global params), nonces, DH cookies, groups (global params), nonces, DH key exchange with authenticationkey exchange with authentication
can use arithmetic in prime fields or elliptic can use arithmetic in prime fields or elliptic curve fieldscurve fields
ISAKMPISAKMP
Internet Security Association and Key Internet Security Association and Key Management ProtocolManagement Protocol
provides framework for key managementprovides framework for key management defines procedures and packet formats to defines procedures and packet formats to
establish, negotiate, modify, & delete SAsestablish, negotiate, modify, & delete SAs independent of key exchange protocol, independent of key exchange protocol,
encryption alg, & authentication methodencryption alg, & authentication method
ISAKMP Payloads & ISAKMP Payloads & ExchangesExchanges
have a number of ISAKMP payload types:have a number of ISAKMP payload types: Security, Proposal, Transform, Key, Security, Proposal, Transform, Key,
Identification, Certificate, Certificate, Hash, Identification, Certificate, Certificate, Hash, Signature, Nonce, Notification, DeleteSignature, Nonce, Notification, Delete
ISAKMP has framework for 5 types of ISAKMP has framework for 5 types of message exchanges:message exchanges: base, identity protection, authentication only, base, identity protection, authentication only,
aggressive, informationalaggressive, informational